Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fa/f710ce-440f-405f-ac50-aa942994fc60/1/2gem_s7OXY9RAP-ycmH2xxzMRNo.roa
File:                     2gem_s7OXY9RAP-ycmH2xxzMRNo.roa (raw, json)
Hash identifier:          6NO1TmiFHnyHzmCN0vzltL3ibNQx4wAuQ4KlzIiXvoM=
Subject key identifier:   DA:07:A6:FE:CE:CE:5D:8F:51:00:FF:B2:72:61:F6:C7:1C:CC:44:DA
Certificate issuer:       /CN=156f04fc5ca875315ab0b854b64506b09c998e9a
Certificate serial:       018CC500F72237A0EC1B8C1B784D317D4DCA
Authority key identifier: 15:6F:04:FC:5C:A8:75:31:5A:B0:B8:54:B6:45:06:B0:9C:99:8E:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/FW8E_FyodTFasLhUtkUGsJyZjpo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/fa/f710ce-440f-405f-ac50-aa942994fc60/1/2gem_s7OXY9RAP-ycmH2xxzMRNo.roa
Signing time:             Mon 01 Jan 2024 12:30:23 +0000
ROA not before:           Mon 01 Jan 2024 12:30:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39591
IP address blocks:        193.23.113.0/24 maxlen: 24
                          91.198.234.0/24 maxlen: 24
                          2001:678:668::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/fa/f710ce-440f-405f-ac50-aa942994fc60/1/FW8E_FyodTFasLhUtkUGsJyZjpo.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/fa/f710ce-440f-405f-ac50-aa942994fc60/1/FW8E_FyodTFasLhUtkUGsJyZjpo.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/FW8E_FyodTFasLhUtkUGsJyZjpo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 27 Nov 2024 19:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c5:00:f7:22:37:a0:ec:1b:8c:1b:78:4d:31:7d:4d:ca
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=156f04fc5ca875315ab0b854b64506b09c998e9a
        Validity
            Not Before: Jan  1 12:30:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=da07a6fecece5d8f5100ffb27261f6c71ccc44da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:84:48:0f:ca:3b:99:08:7c:17:54:db:6a:11:e4:
                    b3:24:b6:a1:98:2d:89:b1:16:f9:ae:31:5c:89:c7:
                    1e:3e:15:4c:ef:91:ba:51:d2:bf:3d:dd:d6:c1:fe:
                    67:cc:ab:93:10:16:03:73:81:4b:4d:d9:5d:20:a3:
                    ba:e4:53:fd:2d:29:f2:c7:e2:a2:48:78:9a:6c:b5:
                    8a:95:35:44:5a:24:dc:e3:bd:7a:29:e4:a0:b1:74:
                    fd:93:5a:28:64:a8:7d:a6:cc:fc:4a:01:36:f4:4b:
                    08:f0:34:97:b4:fe:ef:95:a1:80:5e:cf:91:fd:75:
                    11:3f:31:84:f6:47:1a:30:a8:8a:17:de:4d:4d:bb:
                    ca:b1:f0:e0:e4:e1:7b:be:d5:30:be:0f:2b:18:26:
                    f7:97:93:81:06:e0:10:20:72:e8:af:30:d5:d0:c6:
                    b8:78:f3:69:23:7f:ba:27:ef:00:32:5f:a7:9e:6b:
                    97:65:75:73:24:52:b6:a8:fb:46:6c:e5:ba:11:47:
                    05:b2:e9:70:76:77:d0:71:bb:0c:5e:33:69:f2:d6:
                    2f:e8:e2:9b:84:fb:06:45:76:e7:67:27:5b:9b:9c:
                    08:3f:5e:5e:ed:a0:f7:da:72:19:85:2b:eb:ca:17:
                    f8:8f:c7:4b:57:d6:f4:75:d3:a9:60:e4:f3:88:70:
                    00:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:07:A6:FE:CE:CE:5D:8F:51:00:FF:B2:72:61:F6:C7:1C:CC:44:DA
            X509v3 Authority Key Identifier:
                keyid:15:6F:04:FC:5C:A8:75:31:5A:B0:B8:54:B6:45:06:B0:9C:99:8E:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/FW8E_FyodTFasLhUtkUGsJyZjpo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f710ce-440f-405f-ac50-aa942994fc60/1/2gem_s7OXY9RAP-ycmH2xxzMRNo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/fa/f710ce-440f-405f-ac50-aa942994fc60/1/FW8E_FyodTFasLhUtkUGsJyZjpo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.198.234.0/24
                  193.23.113.0/24
                IPv6:
                  2001:678:668::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:55:a0:63:d9:df:85:8e:b5:cb:86:25:f5:a3:bf:97:0e:5c:
         a5:68:2a:06:09:a4:97:ea:05:b4:d1:1d:9e:f4:e7:ff:34:c3:
         a0:d8:80:9c:ca:15:8f:db:28:2d:b9:5f:be:f7:86:1e:82:eb:
         9a:9e:d0:a4:b3:47:8f:03:e3:8a:b5:5c:14:67:ea:c0:5d:8d:
         86:ac:b9:13:b5:6c:f9:cb:7d:19:9d:52:75:96:0f:1f:5b:ed:
         32:be:3a:2e:94:b3:03:c8:41:9c:2f:f3:23:45:0e:38:f7:61:
         f8:b9:b9:cf:f1:58:0a:ed:4e:82:64:b6:3a:ab:2e:5f:82:7f:
         63:fa:2f:36:bc:9a:02:a5:2b:e6:3e:37:57:81:87:d8:2c:0c:
         4a:1f:b7:06:ec:e7:dc:b3:37:81:7f:a8:b0:9d:09:ee:7d:7b:
         75:7d:75:f7:87:d1:fc:50:72:fe:34:b7:62:e0:79:59:1c:df:
         be:24:bc:71:98:c4:83:e6:aa:3e:a6:21:70:cc:8c:66:e9:2f:
         93:3d:4c:d1:e5:e0:3a:fa:3d:07:9f:5d:ee:47:c3:df:25:d2:
         3b:29:b8:36:7a:9e:02:15:76:0c:2a:71:8e:2c:e1:74:d4:38:
         a7:0e:c2:91:b7:88:30:1f:15:ce:84:85:12:b0:da:03:d4:69:
         96:ac:15:fc
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYzFAPciN6DsG4wbeE0xfU3KMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE1NmYwNGZjNWNhODc1MzE1YWIwYjg1NGI2NDUwNmIwOWM5
OThlOWEwHhcNMjQwMTAxMTIzMDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYTA3YTZmZWNlY2U1ZDhmNTEwMGZmYjI3MjYxZjZjNzFjY2M0NGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhEgPyjuZCHwXVNtqEeSzJLahmC2J
sRb5rjFciccePhVM75G6UdK/Pd3Wwf5nzKuTEBYDc4FLTdldIKO65FP9LSnyx+Ki
SHiabLWKlTVEWiTc4716KeSgsXT9k1ooZKh9psz8SgE29EsI8DSXtP7vlaGAXs+R
/XURPzGE9kcaMKiKF95NTbvKsfDg5OF7vtUwvg8rGCb3l5OBBuAQIHLorzDV0Ma4
ePNpI3+6J+8AMl+nnmuXZXVzJFK2qPtGbOW6EUcFsulwdnfQcbsMXjNp8tYv6OKb
hPsGRXbnZydbm5wIP15e7aD32nIZhSvryhf4j8dLV9b0ddOpYOTziHAAxwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFNoHpv7Ozl2PUQD/snJh9scczETaMB8GA1UdIwQY
MBaAFBVvBPxcqHUxWrC4VLZFBrCcmY6aMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRlc4RV9GeW9kVEZhc0xoVXRrVUdzSnlaanBvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mYS9mNzEwY2UtNDQwZi00MDVmLWFjNTAt
YWE5NDI5OTRmYzYwLzEvMmdlbV9zN09YWTlSQVAteWNtSDJ4eHpNUk5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mYS9mNzEwY2UtNDQwZi00MDVmLWFjNTAtYWE5NDI5OTRmYzYw
LzEvRlc4RV9GeW9kVEZhc0xoVXRrVUdzSnlaanBvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAW8bqAwQA
wRdxMA8EAgACMAkDBwAgAQZ4BmgwDQYJKoZIhvcNAQELBQADggEBAJ9VoGPZ34WO
tcuGJfWjv5cOXKVoKgYJpJfqBbTRHZ705/80w6DYgJzKFY/bKC25X773hh6C65qe
0KSzR48D44q1XBRn6sBdjYasuRO1bPnLfRmdUnWWDx9b7TK+Oi6UswPIQZwv8yNF
Djj3Yfi5uc/xWArtToJktjqrLl+Cf2P6Lza8mgKlK+Y+N1eBh9gsDEoftwbs59yz
N4F/qLCdCe59e3V9dfeH0fxQcv40t2LgeVkc374kvHGYxIPmqj6mIXDMjGbpL5M9
TNHl4Dr6PQefXe5Hw98l0jspuDZ6ngIVdgwqcY4s4XTUOKcOwpG3iDAfFc6EhRKw
2gPUaZasFfw=
-----END CERTIFICATE-----
Generated at Wed Nov 27 00:39:55 2024 by rpki-client on console-ams.rpki-client.org